Thoughts from a Conservative point of view in regards to technology

Menu

Introduction to Altiris Deployment Solution 7.1

I recently delivered a webcast for my company on Altiris Deployment Solution 7.1 and wanted to post this to share more thoughts and also maybe expand on some of the things covered there.

Deployment Solution 7.1 is currently in the release candidate stage and can be found at beta.altiris.com under the IT Management Suite, which include Client Management Suite (Inventory, Patch, Deployment, etc), Server Management (Deployment Solution, Monitor Solution, Patch Management, etc), Workflow Solution, Asset Management, CMDB, and Service Desk.

The first thing we need to talk about when discussing DS 7.1 is that it is built on the Symantec Management Platform 7. When the 7.X platform was first announced there was much talk about the integration between DS and NS and whether or not it actually would happen. DS 7.1 is where this integration occurs.

Let’s expand on this integration a bit before going further. For a long time we have told the story of one agent, one console, one database, however as we all know this is not the case. We have the dagent, the aclient, the eXpress database, the Win 32 Console, the Altiris Agent, the Symantec_CMDB, the NS Console, etc… Now that has all changed, because DS 7.1 is built on the SMP (the old Notification Server) we are leveraging all parts. We now truly have one agent, one console and one database. Gone is the Win32 console, the aclient, the eXpress database and even the slow DS Web Console.

Below is a screenshot of SMP 7 and DS 7.1:

When Symantec started talking about integrating the DS and NS the first complaint was “Does this mean we are going to lose the drag and drop functionality of the DS Console?” Shortly followed by “Will this new console be as slow as the current DS Web Console?” Symantec has addressed this by leveraging Microsoft’s Silverlight technology to give us not only a faster web browser, but drag and drop capability.

The DS Portal is where you will spend most of the time working w/ Deployment Solution 7.1. This has the look and feel of the Win32 console with my computer, my jobs and tasks and information about the current computer all displayed on it.

One thing on the DS Portal to get used to is the “Getting Started” flyout that is visable as an arrow on the left side of the screen and is pictured below

The first step will be to discover the computers you have, then push out the DS Plug-in to them. These plug right into the NS Agent, once again no separate agent to worry about. From the “Getting Started” portion we can continue the setup of the solution, from how disk images work, what type of drivers we are loading, multi-casting and even PXE server configuration.

Let’s take a minute right now and put it right out in the open… Yes DS 7.1 supports PXE. This is a question that I am always asked when I start talking about DS 7.1. The confusion is DS 7, which came with the first release of CMS 7 only supported Automation Partitions. Now DS 7.1 supports both Automation Paritions and PXE booting. More on this later.

Back to the integration… One of the key parts of SMP is the ability to use Organizational Views and Groups. Because of the integration, we can leverage the groups in DS 7.1. Let me explain how this works… I setup my organzational groups (or import them from AD) and then assign management rights to users (this replaces NS 6 secured collections). Now a user can see and manage only the computers he has permission to. See the following screen shot for an example:

So now as a local admin of the Grand Rapids office I can only run jobs and tasks on the computers in and I don’t see any of the computers in Chicago and Atlanta. By leveraging Organizational Vies and Groups we change how the security was set in DS 6.9.

Another key part of the integration is the ability to leverage hierarchy and replication. In SMP 7 we now have true parent/child relationships, the ability to set policies/packages/etc from the parent and have them filter down to the child. This includes images and DS jobs and tasks. Most enterprises have multiple Deployment Solutions and it has always been a pain to keep them synchronized. By leveraging hierarchy we are solving that problem.

So we’ve spent some time talking about the integration and leveraging some of the benifits of the Symantec Management Platform, let’s now talk about tasks, imaging, etc.

As mentioned earlier, the DS Portal built on Microsoft’s Silverlight technology gives us the drag and drop that we came to expect in the Win32 console. To access the DS Portal, from the Management Console select Home -> DS Portal.

To create a new job under the DS Portal, right click under the folder and you would like to use and select New Job. The following screenshot shows the Jobs and Tasks portion of the DS Portal.

Under the Deployment and Migration folder is where any default jobs and tasks. (You can create other folders as well, based on your security and permissions.) When I select New Job, it displays the following image:

This interface is the Job and Task interface from Task Server which you might not be familiar with if you haven’t used it before. There are two ways to add tasks to a job, one create a new tasks or add an existing task. Because we are leveraging the task server portion of the SMP, any task we have created in the SMP we can use as part of a DS job. An example would be deploying an image, pushing software with software delivery, running an inventory, and then pushing out patches; all leveraging a DS job. The options are endless.

The screenshot above shows the deploy an image task. Once an image is selected for deployment I select whether or not I’m using DeployAnywhere or not and if there are any credentials I need to pass to the image. To deploy this image I would drag the job to the computer I want to image and it will run.

Creating an image is about the same, it is a task that runs through the Symantec Management Platform but has different options which are shown in the following screenshots:

Selecting compression and maximum file speed

Capture an image over http

Once an image has been created it can be deployed as another job using the Deploy Image task.

This has been a quick overview and whirlwind tour of Deployment Solution 7.1. If you have any questions drop me or note or if you want to see an email drop me an email as well..

8 thoughts on “Introduction to Altiris Deployment Solution 7.1”

Any info on how responsive this console will be over say a 512 link. One of our major concerns with losing the win32 console is that our sites will have to get used to a slow responding console. NS6.5 was better than 6 but 7 still doesnt appear to be great when using it over a slow wan link from overseas. Its going to make a lot of our techs less than happy.

Sorry for the delay in responding to this. I don’t know how it will respond but how it will respond well. How do flash or other rich internet applications respond over the console? Does Silverlight preload a bunch of files or information and then allow you to use it?

Do you by chance know of any of the security aspects of Deployment Solution 7.1? Many of the previous versions seem to have a weakness that allows a remote attacker to invoke the agent or ActiveX and push their own code to it. As a security administrator, I’m sure you can understand why this would make me lose sleep. Are there any controls I can put in place on the agent itself to only accept connections from certain systems?

Hi, Jonathan!
I use ITMS 7.1 with Workflow and Service Desk servers. I`ve installed Deployment solution 7.1 sp1a.
I found many video about Windows 7 migration (http://www.screencast.com/t/ZWI2Yzlh).
Unfortunately I can`t find any links in documentation or connect site about where to find this template for workflow. Coluld you give me some additional information about it?

I’ve heard a lot about that product as well or workflow but haven’t seen the code/examples either. I would check on http://www.workflowswat.com to see if it existed there or reach out to the people on that site for more information